Skip to content

[vslib] MACsec interface creation command fails on VM/VS with send_sci=false and SCI combination. #1668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[vslib] MACsec interface creation command fails on VM/VS with send_sci=false and SCI combination. #1668

wants to merge 7 commits into from

Conversation

@vikram-nexthop
Copy link

@vikram-nexthop vikram-nexthop commented Oct 17, 2025

What I did

Fix for #1667

How I did it

Modified MACsec interface creation logic to use a two-step approach:

  1. Always create the MACsec interface with explicit SCI specification (default send_sci=on)
  2. When send_sci=false is required, add a second command to switch the interface to send_sci=off mode.

How to verify it

  1. Run MACsec tests with profile parameted send_sci set to false.
  2. Verify interface creation commands in syslog:
2025 Oct 15 16:26:50.911039 VM01T3 NOTICE syncd#syncd: :- create_macsec_egress_sc: /sbin/ip link add link "eth1" name "macsec_eth1" type macsec  sci 226b54b065000001 encrypt  on  cipher GCM-AES-128 && ip link set link "eth1" name "macsec_eth1" type macsec  send_sci off && ip link set dev "macsec_eth1" up
  1. Check that TX SCI and send_sci are correctly set using command 'ip macsec show'
admin@VM01T3:~$ ip macsec show
83: macsec_eth1: protect on validate strict sc off sa off encrypt on send_sci off end_station off scb off replay off 
    cipher suite: GCM-AES-256, using ICV length 16
    TXSC: 226b54b065000001 on SA 0
        0: PN 1534, state on, key 8912df4fd8ea3f1547e02a4410f89996
    RXSC: 5c0758de98020001, state on
        0: PN 1597, state on, key 8912df4fd8ea3f1547e02a4410f89996
    offload: off

@mssonicbld
Copy link
Collaborator

mssonicbld commented Oct 17, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 17, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@vikram-nexthop vikram-nexthop changed the title [vslib] MACsec interface creation commands fails on VM/VS with send_sci=false and SCI combination. [vslib] MACsec interface creation command fails on VM/VS with send_sci=false and SCI combination. Oct 17, 2025
@vikram-nexthop vikram-nexthop marked this pull request as ready for review October 20, 2025 15:08
@mssonicbld
Copy link
Collaborator

mssonicbld commented Oct 31, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 31, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 4, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 4, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 11, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 11, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 20, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 20, 2025

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vikram-nexthop @mssonicbld